Rails 500 error overwrites my headers

Question

I have a rails application with the cors being set on before_filter:

def cors
  headers['Access-Control-Allow-Origin'] = '*'
  headers['Access-Control-Allow-Headers'] = 'X-AUTH-TOKEN, X-API-VERSION, X-Requested-With, Content-Type, Accept, Origin'
  headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
  headers['Access-Control-Max-Age'] = "1728000"
end

before_filter :cors

And this works just fine. Then if an error is thrown on the route, the headers get overwritten.

def index
  object.undefined_method() // undefined method `undefined_method'
end

Response headers:

Keep-Alive
Content-Length →16399
Content-Type →text/html; charset=utf-8
Date →Thu, 08 May 2014 18:51:20 GMT
Server →WEBrick/1.3.1 (Ruby/2.0.0/2013-11-22)
X-Request-Id →6ace3d4e-4367-452c-a924-c4c490f207de
X-Runtime →0.130761

Even though the before_filter runs, those headers are not there. Although the 500 error shouldn't exist, I would like for the front-end developers to be able to give me a more descriptive error than "I did this and the CORS didn't work." I would expect the CORS to be in the result.

Thanks.

Answer 1

By default Rails uses Rack Middleware for handling errors. This middleware totally skips any headers from requests. Possible solution - use your own handler for error pages, many good ideas are described here